diff --git a/CVE-2023/CVE-2023-35xx/CVE-2023-3517.json b/CVE-2023/CVE-2023-35xx/CVE-2023-3517.json new file mode 100644 index 00000000000..12614dc7c28 --- /dev/null +++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3517.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-3517", + "sourceIdentifier": "security.vulnerabilities@hitachivantara.com", + "published": "2023-12-12T23:15:07.003", + "lastModified": "2023-12-12T23:15:07.003", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nHitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including \n8.3.x does not restrict JNDI identifiers during the creation of XActions, allowing control of system level data sources.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security.vulnerabilities@hitachivantara.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "security.vulnerabilities@hitachivantara.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-99" + } + ] + } + ], + "references": [ + { + "url": "https://support.pentaho.com/hc/en-us/articles/19668665099533", + "source": "security.vulnerabilities@hitachivantara.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-429xx/CVE-2023-42916.json b/CVE-2023/CVE-2023-429xx/CVE-2023-42916.json index adcf8810f68..a406dfdbf91 100644 --- a/CVE-2023/CVE-2023-429xx/CVE-2023-42916.json +++ b/CVE-2023/CVE-2023-429xx/CVE-2023-42916.json @@ -2,7 +2,7 @@ "id": "CVE-2023-42916", "sourceIdentifier": "product-security@apple.com", "published": "2023-11-30T23:15:07.223", - "lastModified": "2023-12-12T02:15:06.800", + "lastModified": "2023-12-13T00:15:07.083", "vulnStatus": "Modified", "cisaExploitAdd": "2023-12-04", "cisaActionDue": "2023-12-25", @@ -92,6 +92,10 @@ } ], "references": [ + { + "url": "http://seclists.org/fulldisclosure/2023/Dec/3", + "source": "product-security@apple.com" + }, { "url": "http://www.openwall.com/lists/oss-security/2023/12/05/1", "source": "product-security@apple.com", diff --git a/CVE-2023/CVE-2023-429xx/CVE-2023-42917.json b/CVE-2023/CVE-2023-429xx/CVE-2023-42917.json index 0bfb2e1232c..88ba5e7527a 100644 --- a/CVE-2023/CVE-2023-429xx/CVE-2023-42917.json +++ b/CVE-2023/CVE-2023-429xx/CVE-2023-42917.json @@ -2,7 +2,7 @@ "id": "CVE-2023-42917", "sourceIdentifier": "product-security@apple.com", "published": "2023-11-30T23:15:07.280", - "lastModified": "2023-12-12T02:15:06.913", + "lastModified": "2023-12-13T00:15:07.180", "vulnStatus": "Modified", "cisaExploitAdd": "2023-12-04", "cisaActionDue": "2023-12-25", @@ -92,6 +92,10 @@ } ], "references": [ + { + "url": "http://seclists.org/fulldisclosure/2023/Dec/3", + "source": "product-security@apple.com" + }, { "url": "http://www.openwall.com/lists/oss-security/2023/12/05/1", "source": "product-security@apple.com", diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46818.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46818.json index 3f62bf74778..65897d8c5c0 100644 --- a/CVE-2023/CVE-2023-468xx/CVE-2023-46818.json +++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46818.json @@ -2,7 +2,7 @@ "id": "CVE-2023-46818", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-27T04:15:10.907", - "lastModified": "2023-12-08T17:15:07.433", + "lastModified": "2023-12-13T00:15:07.247", "vulnStatus": "Modified", "descriptions": [ { @@ -78,6 +78,10 @@ "url": "http://packetstormsecurity.com/files/176126/ISPConfig-3.2.11-PHP-Code-Injection.html", "source": "cve@mitre.org" }, + { + "url": "http://seclists.org/fulldisclosure/2023/Dec/2", + "source": "cve@mitre.org" + }, { "url": "https://www.ispconfig.org/blog/ispconfig-3-2-11p1-released/", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48397.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48397.json index 888e1768497..890c5c4fd74 100644 --- a/CVE-2023/CVE-2023-483xx/CVE-2023-48397.json +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48397.json @@ -2,19 +2,78 @@ "id": "CVE-2023-48397", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2023-12-08T16:15:16.560", - "lastModified": "2023-12-08T16:37:45.763", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-12T23:39:39.640", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Init of protocolcalladapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation.\n\n" + }, + { + "lang": "es", + "value": "En Init de protocolcalladapter.cpp, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a la divulgaci\u00f3n remota de informaci\u00f3n con privilegios de ejecuci\u00f3n de Syistem necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2023-12-01", - "source": "dsap-vuln-management@google.com" + "source": "dsap-vuln-management@google.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48401.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48401.json index ecaf7aef570..04d618e9f84 100644 --- a/CVE-2023/CVE-2023-484xx/CVE-2023-48401.json +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48401.json @@ -2,19 +2,78 @@ "id": "CVE-2023-48401", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2023-12-08T16:15:16.720", - "lastModified": "2023-12-08T16:37:45.763", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-12T23:24:39.517", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In GetSizeOfEenlRecords of protocoladapter.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" + }, + { + "lang": "es", + "value": "En GetSizeOfEenlRecords de protocoladapter.cpp, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites incorrecta. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2023-12-01", - "source": "dsap-vuln-management@google.com" + "source": "dsap-vuln-management@google.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48402.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48402.json index 2583a0ccd14..a401bb5387e 100644 --- a/CVE-2023/CVE-2023-484xx/CVE-2023-48402.json +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48402.json @@ -2,19 +2,78 @@ "id": "CVE-2023-48402", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2023-12-08T16:15:16.933", - "lastModified": "2023-12-08T16:37:45.763", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-12T23:21:11.557", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In ppcfw_enable of ppcfw.c, there is a possible EoP due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" + }, + { + "lang": "es", + "value": "En ppcfw_enable de ppcfw.c, existe un posible EoP debido a una falta de verificaci\u00f3n de permisos. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2023-12-01", - "source": "dsap-vuln-management@google.com" + "source": "dsap-vuln-management@google.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48408.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48408.json index 0fa70e0dfae..2e74e621701 100644 --- a/CVE-2023/CVE-2023-484xx/CVE-2023-48408.json +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48408.json @@ -2,19 +2,78 @@ "id": "CVE-2023-48408", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2023-12-08T16:15:17.953", - "lastModified": "2023-12-08T16:37:40.417", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-12T23:28:59.970", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In ProtocolNetSimFileInfoAdapter() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.\n\n" + }, + { + "lang": "es", + "value": "En ProtocolNetSimFileInfoAdapter() de protocolnetadapter.cpp, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local y comprometer el firmware de banda base. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2023-12-01", - "source": "dsap-vuln-management@google.com" + "source": "dsap-vuln-management@google.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48409.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48409.json index 5bd2bd4a5d6..d878eac7b77 100644 --- a/CVE-2023/CVE-2023-484xx/CVE-2023-48409.json +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48409.json @@ -2,19 +2,78 @@ "id": "CVE-2023-48409", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2023-12-08T16:15:18.000", - "lastModified": "2023-12-08T16:37:40.417", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-12T23:46:43.867", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/mali_kbase_core_linux.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" + }, + { + "lang": "es", + "value": "En gpu_pixel_handle_buffer_liveness_update_ioctl de private/google-modules/gpu/mali_kbase/mali_kbase_core_linux.c, existe una posible escritura fuera de los l\u00edmites debido a un desbordamiento de enteros. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2023-12-01", - "source": "dsap-vuln-management@google.com" + "source": "dsap-vuln-management@google.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48410.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48410.json index 539c9067d14..df7a5d1c486 100644 --- a/CVE-2023/CVE-2023-484xx/CVE-2023-48410.json +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48410.json @@ -2,19 +2,78 @@ "id": "CVE-2023-48410", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2023-12-08T16:15:18.050", - "lastModified": "2023-12-08T16:37:40.417", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-12T23:48:00.343", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" + }, + { + "lang": "es", + "value": "En cd_ParseMsg de cd_codec.c, hay una posible lectura fuera de los l\u00edmites debido a una comprobaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a la divulgaci\u00f3n remota de informaci\u00f3n sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2023-12-01", - "source": "dsap-vuln-management@google.com" + "source": "dsap-vuln-management@google.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48411.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48411.json index a879299f0a1..f9a5ba069a4 100644 --- a/CVE-2023/CVE-2023-484xx/CVE-2023-48411.json +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48411.json @@ -2,19 +2,78 @@ "id": "CVE-2023-48411", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2023-12-08T16:15:18.097", - "lastModified": "2023-12-08T16:37:40.417", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-12T23:53:08.647", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In SignalStrengthAdapter::FillGsmSignalStrength() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.\n\n" + }, + { + "lang": "es", + "value": "En SignalStrengthAdapter::FillGsmSignalStrength() de protocolmiscadapter.cpp, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local y comprometer el firmware de banda base. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2023-12-01", - "source": "dsap-vuln-management@google.com" + "source": "dsap-vuln-management@google.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48412.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48412.json index c32bb862fd6..c43c79ad5d0 100644 --- a/CVE-2023/CVE-2023-484xx/CVE-2023-48412.json +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48412.json @@ -2,19 +2,78 @@ "id": "CVE-2023-48412", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2023-12-08T16:15:18.150", - "lastModified": "2023-12-08T16:37:40.417", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-12T23:56:00.697", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In private_handle_t of mali_gralloc_buffer.h, there is a possible information leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" + }, + { + "lang": "es", + "value": "En private_handle_t de mali_gralloc_buffer.h, existe una posible fuga de informaci\u00f3n debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2023-12-01", - "source": "dsap-vuln-management@google.com" + "source": "dsap-vuln-management@google.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48413.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48413.json index 2969dc4388b..dbb471b9aea 100644 --- a/CVE-2023/CVE-2023-484xx/CVE-2023-48413.json +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48413.json @@ -2,19 +2,78 @@ "id": "CVE-2023-48413", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2023-12-08T16:15:18.200", - "lastModified": "2023-12-08T16:37:40.417", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-12T23:58:05.553", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation.\n\n" + }, + { + "lang": "es", + "value": "En Init de protocolnetadapter.cpp, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a la divulgaci\u00f3n remota de informaci\u00f3n con privilegios de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2023-12-01", - "source": "dsap-vuln-management@google.com" + "source": "dsap-vuln-management@google.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-502xx/CVE-2023-50263.json b/CVE-2023/CVE-2023-502xx/CVE-2023-50263.json new file mode 100644 index 00000000000..7090270a4ea --- /dev/null +++ b/CVE-2023/CVE-2023-502xx/CVE-2023-50263.json @@ -0,0 +1,75 @@ +{ + "id": "CVE-2023-50263", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-12-12T23:15:07.270", + "lastModified": "2023-12-12T23:15:07.270", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 1.x and 2.0.x prior to 1.6.7 and 2.0.6, the URLs `/files/get/?name=...` and `/files/download/?name=...` are used to provide admin access to files that have been uploaded as part of a run request for a Job that has FileVar inputs. Under normal operation these files are ephemeral and are deleted once the Job in question runs. \n\nIn the default implementation used in Nautobot, as provided by `django-db-file-storage`, these URLs do not by default require any user authentication to access; they should instead be restricted to only users who have permissions to view Nautobot's `FileProxy` model instances.\n\nNote that no URL mechanism is provided for listing or traversal of the available file `name` values, so in practice an unauthenticated user would have to guess names to discover arbitrary files for download, but if a user knows the file name/path value, they can access it without authenticating, so we are considering this a vulnerability.\n\nFixes are included in Nautobot 1.6.7 and Nautobot 2.0.6. No known workarounds are available other than applying the patches included in those versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.7, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.2, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/nautobot/nautobot/commit/458280c359a4833a20da294eaf4b8d55edc91cee", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/nautobot/nautobot/commit/7c4cf3137f45f1541f09f2f6a7f8850cd3a2eaee", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/nautobot/nautobot/pull/4959", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/nautobot/nautobot/pull/4964", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-75mc-3pjc-727q", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/victor-o-silva/db_file_storage/blob/master/db_file_storage/views.py", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6753.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6753.json new file mode 100644 index 00000000000..5cda5b0a6c2 --- /dev/null +++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6753.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-6753", + "sourceIdentifier": "security@huntr.dev", + "published": "2023-12-13T00:15:07.330", + "lastModified": "2023-12-13T00:15:07.330", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.6, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.8, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/mlflow/mlflow/commit/1c6309f884798fbf56017a3cc808016869ee8de4", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.com/bounties/b397b83a-527a-47e7-b912-a12a17a6cfb4", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 6c17257a66d..610dd119d81 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-12-12T23:00:18.803294+00:00 +2023-12-13T00:55:17.122633+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-12-12T22:36:13.917000+00:00 +2023-12-13T00:15:07.330000+00:00 ``` ### Last Data Feed Release @@ -29,50 +29,34 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -232923 +232926 ``` ### CVEs added in the last Commit -Recently added CVEs: `6` +Recently added CVEs: `3` -* [CVE-2023-48225](CVE-2023/CVE-2023-482xx/CVE-2023-48225.json) (`2023-12-12T21:15:08.237`) -* [CVE-2023-50251](CVE-2023/CVE-2023-502xx/CVE-2023-50251.json) (`2023-12-12T21:15:08.453`) -* [CVE-2023-50252](CVE-2023/CVE-2023-502xx/CVE-2023-50252.json) (`2023-12-12T21:15:08.670`) -* [CVE-2023-5379](CVE-2023/CVE-2023-53xx/CVE-2023-5379.json) (`2023-12-12T22:15:22.410`) -* [CVE-2023-5764](CVE-2023/CVE-2023-57xx/CVE-2023-5764.json) (`2023-12-12T22:15:22.747`) -* [CVE-2023-6710](CVE-2023/CVE-2023-67xx/CVE-2023-6710.json) (`2023-12-12T22:15:22.950`) +* [CVE-2023-3517](CVE-2023/CVE-2023-35xx/CVE-2023-3517.json) (`2023-12-12T23:15:07.003`) +* [CVE-2023-50263](CVE-2023/CVE-2023-502xx/CVE-2023-50263.json) (`2023-12-12T23:15:07.270`) +* [CVE-2023-6753](CVE-2023/CVE-2023-67xx/CVE-2023-6753.json) (`2023-12-13T00:15:07.330`) ### CVEs modified in the last Commit -Recently modified CVEs: `45` +Recently modified CVEs: `12` -* [CVE-2023-46496](CVE-2023/CVE-2023-464xx/CVE-2023-46496.json) (`2023-12-12T22:18:54.150`) -* [CVE-2023-46497](CVE-2023/CVE-2023-464xx/CVE-2023-46497.json) (`2023-12-12T22:21:32.197`) -* [CVE-2023-46498](CVE-2023/CVE-2023-464xx/CVE-2023-46498.json) (`2023-12-12T22:22:27.287`) -* [CVE-2023-46499](CVE-2023/CVE-2023-464xx/CVE-2023-46499.json) (`2023-12-12T22:22:42.330`) -* [CVE-2023-6560](CVE-2023/CVE-2023-65xx/CVE-2023-6560.json) (`2023-12-12T22:22:57.643`) -* [CVE-2023-49797](CVE-2023/CVE-2023-497xx/CVE-2023-49797.json) (`2023-12-12T22:23:20.533`) -* [CVE-2023-5058](CVE-2023/CVE-2023-50xx/CVE-2023-5058.json) (`2023-12-12T22:23:57.073`) -* [CVE-2023-6061](CVE-2023/CVE-2023-60xx/CVE-2023-6061.json) (`2023-12-12T22:24:14.313`) -* [CVE-2023-26158](CVE-2023/CVE-2023-261xx/CVE-2023-26158.json) (`2023-12-12T22:26:30.457`) -* [CVE-2023-6612](CVE-2023/CVE-2023-66xx/CVE-2023-6612.json) (`2023-12-12T22:26:54.027`) -* [CVE-2023-6622](CVE-2023/CVE-2023-66xx/CVE-2023-6622.json) (`2023-12-12T22:27:05.137`) -* [CVE-2023-42894](CVE-2023/CVE-2023-428xx/CVE-2023-42894.json) (`2023-12-12T22:28:03.870`) -* [CVE-2023-28873](CVE-2023/CVE-2023-288xx/CVE-2023-28873.json) (`2023-12-12T22:29:55.940`) -* [CVE-2023-28874](CVE-2023/CVE-2023-288xx/CVE-2023-28874.json) (`2023-12-12T22:30:05.117`) -* [CVE-2023-46932](CVE-2023/CVE-2023-469xx/CVE-2023-46932.json) (`2023-12-12T22:32:26.197`) -* [CVE-2023-5756](CVE-2023/CVE-2023-57xx/CVE-2023-5756.json) (`2023-12-12T22:33:17.393`) -* [CVE-2023-6120](CVE-2023/CVE-2023-61xx/CVE-2023-6120.json) (`2023-12-12T22:33:35.077`) -* [CVE-2023-47254](CVE-2023/CVE-2023-472xx/CVE-2023-47254.json) (`2023-12-12T22:33:48.820`) -* [CVE-2023-50431](CVE-2023/CVE-2023-504xx/CVE-2023-50431.json) (`2023-12-12T22:34:10.203`) -* [CVE-2023-6394](CVE-2023/CVE-2023-63xx/CVE-2023-6394.json) (`2023-12-12T22:35:02.730`) -* [CVE-2023-47465](CVE-2023/CVE-2023-474xx/CVE-2023-47465.json) (`2023-12-12T22:35:12.383`) -* [CVE-2023-28868](CVE-2023/CVE-2023-288xx/CVE-2023-28868.json) (`2023-12-12T22:35:26.717`) -* [CVE-2023-28869](CVE-2023/CVE-2023-288xx/CVE-2023-28869.json) (`2023-12-12T22:35:41.287`) -* [CVE-2023-28870](CVE-2023/CVE-2023-288xx/CVE-2023-28870.json) (`2023-12-12T22:35:57.683`) -* [CVE-2023-28871](CVE-2023/CVE-2023-288xx/CVE-2023-28871.json) (`2023-12-12T22:36:13.917`) +* [CVE-2023-48402](CVE-2023/CVE-2023-484xx/CVE-2023-48402.json) (`2023-12-12T23:21:11.557`) +* [CVE-2023-48401](CVE-2023/CVE-2023-484xx/CVE-2023-48401.json) (`2023-12-12T23:24:39.517`) +* [CVE-2023-48408](CVE-2023/CVE-2023-484xx/CVE-2023-48408.json) (`2023-12-12T23:28:59.970`) +* [CVE-2023-48397](CVE-2023/CVE-2023-483xx/CVE-2023-48397.json) (`2023-12-12T23:39:39.640`) +* [CVE-2023-48409](CVE-2023/CVE-2023-484xx/CVE-2023-48409.json) (`2023-12-12T23:46:43.867`) +* [CVE-2023-48410](CVE-2023/CVE-2023-484xx/CVE-2023-48410.json) (`2023-12-12T23:48:00.343`) +* [CVE-2023-48411](CVE-2023/CVE-2023-484xx/CVE-2023-48411.json) (`2023-12-12T23:53:08.647`) +* [CVE-2023-48412](CVE-2023/CVE-2023-484xx/CVE-2023-48412.json) (`2023-12-12T23:56:00.697`) +* [CVE-2023-48413](CVE-2023/CVE-2023-484xx/CVE-2023-48413.json) (`2023-12-12T23:58:05.553`) +* [CVE-2023-42916](CVE-2023/CVE-2023-429xx/CVE-2023-42916.json) (`2023-12-13T00:15:07.083`) +* [CVE-2023-42917](CVE-2023/CVE-2023-429xx/CVE-2023-42917.json) (`2023-12-13T00:15:07.180`) +* [CVE-2023-46818](CVE-2023/CVE-2023-468xx/CVE-2023-46818.json) (`2023-12-13T00:15:07.247`) ## Download and Usage